From b1009b33c4e5fe6bcd3a1a2e856c5c19f0eab959 Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Wed, 15 May 2013 22:09:54 +0000
Subject: [PATCH] Logged out warnings: fix same domain comparison in wp_auth_check_html() when FORCE_SSL_LOGIN && ! FORCE_SSL_ADMIN. See #23295

git-svn-id: http://core.svn.wordpress.org/trunk@24266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/functions.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index bc2d6aec4f..d31e58ae42 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -3921,10 +3921,13 @@ function wp_auth_check_load() {
 * Output the HTML that shows the wp-login dialog when the user is no longer logged in
 */
 function wp_auth_check_html() {
- $login_url = site_url( 'wp-login.php', 'login_post' );
+ $login_url = wp_login_url();
 $current_domain = ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'];
 $same_domain = ( strpos( $login_url, $current_domain ) === 0 );
 
+ if ( $same_domain && force_ssl_login() && ! force_ssl_admin() )
+ $same_domain = false;
+
 // Let plugins change this if they know better.
 $same_domain = apply_filters( 'wp_auth_check_same_domain', $same_domain );
 $wrap_class = $same_domain ? 'hidden' : 'hidden fallback';
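Review bot: The same-domain decision that the new `wp_login_url()` value feeds is an unanchored string-prefix match against a value built from the request's `$_SERVER['HTTP_HOST']`, so a current domain of `https://example.test` (constructed example) also matches a login URL on `https://example.test.other.example/` or `https://example.test:8443/`. As far as I know `wp_login_url()` output can be changed by plugins through the `login_url` filter, so a login page on a different host can reach this comparison and be treated as same-origin for the embedded login dialog. Anchoring the prefix closes the gap, `$same_domain = ( strpos( $login_url, $current_domain . '/' ) === 0 );`, or compare the scheme, host and port from `parse_url()` instead. The added `if` is also braceless, which makes the security-relevant override easy to break in a later edit; wrapping `$same_domain = false;` in braces would help. The body of wp_auth_check_html() continues past the end of the hunk, so how `$wrap_class` is used afterwards is not visible here.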